Here’s a screenshot of an email I recently received:
However, contrary to all appearances, this email isn’t from Amazon.
There are several things that make it appear legitimate at first:
- It closely follows the format of an Amazon email, complete with logo and small print.
- The order numbers look like actual orders I might have placed.
This email tries to get me to click on one of its many links, whether to verify an order number, update my billing, or learn more about their products. Even the last line says “This email was sent from a notification only address that cannot accept incoming mail. Please do not reply to this message.” In other words, click on something.
When receiving an email like this from a supposedly trusted source, there are a few steps to verify whether the email is legitimate or not. Here’s what I found upon closer inspection:
The header of the email lists the sender as email@example.com. Note the misspelling of “amazon”.
The sender’s email address is firstname.lastname@example.org, which is not an Amazon email address.
If I hover my mouse over any of the links (without clicking on them!), the associated link information looks like this:
This link points to something called stats.wishsendonline.com rather than to amazon.com. And in fact, all the links in the email bring up the identical link information.
It might be tempting to click on one of these links, but doing so could take you to a fake or malicious website. That site could also steal your personal data or install malware on your computer.
Hopefully, most of the emails you receive will be legitimate. But it always pays to do a quick inspection before clicking on anything in the email. Verify the sender in the email header, and hover over any links to make sure they look like what you would expect. When in doubt, it’s best not to click on anything or open any attachments you have questions about.
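The two checks above (sender domain and link destinations) can also be run over a saved message. This is an added example, not part of the original post: the sample email, its sender address and URL paths are constructed, and the helper names `belongs_to` and `inspect` are hypothetical. It assumes a single-part HTML message.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the email from the post); the sender
# address and URL paths are made up, the link host is the one quoted above.
SAMPLE = """\
From: "Amazon.com" <order-update@amaz0n-orders.example>
To: reader@example.net
Subject: Your order has shipped
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Order <a href="http://stats.wishsendonline.com/c/1">#102-0000000</a></p>
<p><a href="http://stats.wishsendonline.com/c/1">Update billing</a></p>
<p><a href="https://www.amazon.com/help">Help</a></p>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def inspect(raw, expected_domain):
    """Return (sender_ok, off_domain_link_hosts) for a raw HTML email."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    sender_ok = belongs_to(addr.rpartition("@")[2], expected_domain)
    parser = LinkCollector()
    parser.feed(msg.get_payload())
    hosts = {urlparse(h).hostname or "" for h in parser.hrefs}
    bad = sorted(h for h in hosts if not belongs_to(h, expected_domain))
    return sender_ok, bad

if __name__ == "__main__":
    print(inspect(SAMPLE, "amazon.com"))
```

A passing sender check is not proof of legitimacy, because the From header can be forged; a failing one, or any off-domain link host, is reason enough not to click.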